Lawmakers Question Department of Revenue

Columbia, SC (WLTX) - Four state lawmakers are questioning the South Carolina Department of Revenue after the recent security breach that compromised 3.6 million South Carolina social security numbers and over 387,000 credit and debit card numbers.

State senators Brad Hutto and Vincent Sheheen, along with state representatives James Smith and Mia Butler Garrick, laid out a list of questions and requests.

Here is the letter in it's entirety directed to James Etter, Director of the Department of Revenue:

Dear Mr. Etter,

As you know, many citizens of our state have questions about the recent breach of security at the SC Department of Revenue. We are among them. As elected representatives of the people of South Carolina, we are very concerned for the safety of their identities. There remain important questions, which have not been answered. South Carolina must ensure that the nature of this breach is fully understood and corrective measures are taken. To that end, we ask you to answer all of the questions. Please advise if you cannot complete this by Wednesday (10/31/12) at noon.

Do we know that data was actually transferred out of the system or was the system simply breached?

What types of data were compromised - the full tax return? Social security numbers? addresses? charitable contributions? W2 information? or other information?

Why were any credit card numbers kept in an unencrypted format?

To what degree was the breach the result of poor procedural, security control versus human error?

Why was this data kept in a way that was accessible to the internet?

What security audits were performed on these systems during the past two years?

Have children's SSNs also been compromised and what steps should parents take to ensure that their IDs are protected?

What is the state willing to do beyond the year of (free) ID protection to protect the IDs of children, vulnerable adults and others who have been compromised and may not be able to afford ID protection after the year expires?

Please provide us with a copy of SCDOR's information security standards and policy.

Please describe the time line of when and how SCDOR learned about the breach, steps that were taken, and when any other entities were notified of the breach?

Please explain how much time passed between the time SCDOR was notified of the breach and the time the public was notified?

Please provide an estimate of how much money the state will expend to deal with this breach and its aftermath?

Thanks so much for your prompt attention to this matter.

Sincerely,

Senator Brad Hutto

Senator Vincent Sheheen

Representative James Smith

Representative Mia Butler Garrick.

--End Letter--

Florence Senator Hugh Leatherman has called an emergency meeting of the senate finance committee tomorrow afternoon.

The group will hear testimony from Jim Etter -- the Director of the state department of revenue about the hacking.